sandpolis is a virtual estate monitoring/management tool under active
development.
Sandpolis is an extremely high-value attack target as it provides management access to your virtual estate. To compensate, strong security measures are available:
-
All connections to a server use mTLS and require a valid client certificate. The server automatically rotates these certificates periodically, but the initial certificate must be installed out-of-band.
-
Users can be required to login with two-factor authentication codes.
-
User permissions can restrict what users are able to do and on what instances.
-
Agents can optionally run in read only mode which still provides useful information, but prohibits all write operations. This can significantly mitigate potential damage in the event of server compromise.
Even with several layers of strong authentication, there's always risk that the Sandpolis server can be compromised. If the risks of "single point of compromise" outweigh the convenience of having a unified management interface, then don't use Sandpolis.
Features are organized into layers that can be toggled on/off in the UI.
Triggers user notifications when certain events are detected in the Sandpolis network. For example, if a user's status is currently AWAY, an unexpected SSH login from that user (anywhere in the network) will fire an urgent alert.
Provides access to remote desktop capabilities.
Provides read/write access to agent filesystems. The Sandpolis client can also mount a remote filesystem.
Integrates with the package manager on agents to manages package versions.
Probes are managable from the Sandpolis network, but don't run agent software. Instead, a remote Sandpolis agent instance connects to probes over a standard protocol like SSH, SNMP, Docker, etc.
Provides an interactive remote shell.